heroku-bouncer 0.4.0.pre3 → 0.4.0

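--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: e309a66ada0259f78b01d8524259250a0cbba5ab
-data.tar.gz: 66b98fb8a1fa87093aa6b632c1097077a3d13792
+metadata.gz: 03abaeaa8715d6bcd3f72fad85fa58dd8f0645c0
+data.tar.gz: 0debdadff5ca498f87a3f2d90a37b80dd00c84ce
 SHA512:
-metadata.gz: c334ee9efd1af0e1c6e9e9d9ea72c3c26f63b514179cb6a163cd7bb58859b3b6497811f7fada20ff59ae571f963ec430d4f4929d5d9c99d282e81c9d65cd4143
-data.tar.gz: dd1ce965ccea7181e62189b361b5125d730a0cb30c5fdf3cbb543d07cae42b5bd8604b546ca7cc70d3f6c04e1a4c1747316664cd018396e4d1268963385fa77c
+metadata.gz: e1d4d8f927f12a89f3d4f2d6855129a14ac623a08b99e2e1cb81d9d82810e57b6cf727fdb99f3398696f19b3ba827f96af8e817c230f70a56d9dd5db80fe85ab
+data.tar.gz: c018b6dc635a21cfeb88da1fb57869c40e8ef8d5eaa411b091ffea5fe0e2f3e453e110255d8777d89d91021c597e7fd03dfdba852c2692b599ad7d13f24e9de4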
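--- a/data/README.md
+++ b/data/README.md
@@ -90,7 +90,7 @@ use Heroku::Bouncer,
 secret: ENV['HEROKU_BOUNCER_SECRET']
 ```
 
-There are 7 additional options you can pass to the middleware:
+There are 8 additional options you can pass to the middleware:
 
 * `oauth[:scope]`: The [OAuth scope][] to use when requesting the OAuth
 token. Default: `identity`.
@@ -105,7 +105,7 @@ There are 7 additional options you can pass to the middleware:
 `true`
 * `session_sync_nonce`: If present, determines the name of a cookie shared across properties under a same domain in order to keep their sessions synchronized. Default: `nil`
 * `allow_anonymous`: Accepts a lambda that gets called with each request. If the lambda evals to true, the request will not enforce authentication (e.g: `allow_anonymous: lambda { |req| !/\A\/admin/.match(req.fullpath) }` will allow anonymous requests except those with under the `/admin` path). Default: `nil`, which does not allow anonymous access to any URL.
-
+* `skip`: Accepts a lambda that gets called with each request's `env`. If the lambda gets evaluated to true, heroku-bouncer's middleware will be completely skipped. Default: 'false', which applies heroku-bouncer to all requests.
 
 You use these by passing a hash to the `use` call, for example:
 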
@@ -26,11 +26,12 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
26
26
  @expose_user = extract_option(options, :expose_user, true)
27
27
  @session_sync_nonce = extract_option(options, :session_sync_nonce, nil)
28
28
  @allow_anonymous = extract_option(options, :allow_anonymous, nil)
29
+ @skip = extract_option(options, :skip, false)
29
30
  end
30
31
  end
31
32
 
32
33
  def call(env)
33
- if @disabled
34
+ if @disabled || skip?(env)
34
35
  @app.call(env)
35
36
  else
36
37
  unlock_session_data(env) do
@@ -39,45 +40,24 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
39
40
  end
40
41
  end
41
42
 
42
- def unlock_session_data(env, &block)
43
- decrypt_store(env)
44
- return_value = yield
45
- encrypt_store(env)
46
- return_value
47
- end
48
-
49
- def auth_request?
50
- %w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.path)
51
- end
52
-
53
- def session_nonce_mismatch?
54
- (store_read(@session_sync_nonce.to_sym).to_s != session_nonce_cookie.to_s) && !auth_request?
55
- end
56
-
57
- def session_nonce_cookie
58
- @session_sync_nonce && request.cookies[@session_sync_nonce]
59
- end
60
-
61
- def anonymous_request_allowed?
62
- auth_request? || (@allow_anonymous && @allow_anonymous.call(request))
63
- end
64
-
65
43
  before do
66
- if @session_sync_nonce && session_nonce_mismatch?
67
- if session_nonce_cookie.to_s.empty?
44
+ if session_nonce_mismatch?
45
+ if @session_sync_nonce && session_nonce_cookie.to_s.empty?
68
46
  destroy_session
69
47
  redirect to(request.url)
70
48
  else
71
- store_write(:return_to, request.url)
72
- redirect to('/auth/heroku')
49
+ require_authentication
73
50
  end
74
51
  end
75
52
 
76
53
  if store_read(:user)
77
- expose_store
54
+ if expired? && !auth_request?
55
+ require_authentication
56
+ else
57
+ expose_store
58
+ end
78
59
  elsif !anonymous_request_allowed?
79
- store_write(:return_to, request.url)
80
- redirect to('/auth/heroku')
60
+ require_authentication
81
61
  end
82
62
  end
83
63
 
@@ -97,6 +77,7 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
97
77
  end
98
78
  store_write(@session_sync_nonce.to_sym, session_nonce_cookie) if @session_sync_nonce
99
79
  store_write(:token, token) if @expose_token
80
+ store_write(:expires_at, Time.now.to_i + 3600 * 8)
100
81
  redirect to(store_delete(:return_to) || '/')
101
82
  end
102
83
 
@@ -132,6 +113,43 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
132
113
 
133
114
  private
134
115
 
116
+ def unlock_session_data(env, &block)
117
+ decrypt_store(env)
118
+ yield
119
+ ensure
120
+ encrypt_store(env)
121
+ end
122
+
123
+ def auth_request?
124
+ %w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.path)
125
+ end
126
+
127
+ def session_nonce_mismatch?
128
+ @session_sync_nonce && (store_read(@session_sync_nonce.to_sym).to_s != session_nonce_cookie.to_s) && !auth_request?
129
+ end
130
+
131
+ def session_nonce_cookie
132
+ @session_sync_nonce && request.cookies[@session_sync_nonce]
133
+ end
134
+
135
+ def anonymous_request_allowed?
136
+ auth_request? || (@allow_anonymous && @allow_anonymous.call(request))
137
+ end
138
+
139
+ def expired?
140
+ ts = store_read(:expires_at)
141
+ ts.nil? || Time.now.to_i > ts
142
+ end
143
+
144
+ def skip?(env)
145
+ @skip && @skip.call(env)
146
+ end
147
+
148
+ def require_authentication
149
+ store_write(:return_to, request.url)
150
+ redirect to('/auth/heroku')
151
+ end
152
+
135
153
  def extract_option(options, option, default = nil)
136
154
  options.has_key?(option) ? options[option] : default
137
155
  end
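Review bot: In the rewritten `before` filter, an expired session now redirects to `/auth/heroku` whenever `store_read(:user)` is truthy and the path is not an auth route, without consulting `anonymous_request_allowed?`; a visitor with no session at all reaches an `allow_anonymous` path, but a visitor whose session has just lapsed is forced through OAuth on that same path. If that asymmetry is not intended, the guard could read `if expired? && !anonymous_request_allowed?` (it already covers `auth_request?`), though the `else` branch would then `expose_store` a stale user, so calling `destroy_session` before falling through is probably the safer counterpart. Separately, the lifetime written by `store_write(:expires_at, Time.now.to_i + 3600 * 8)` in the callback is a magic number that the README hunk does not list among the options; hoisting it to a named constant such as `SESSION_LIFETIME = 3600 * 8 # seconds; forces re-auth after this` and documenting it would make the policy visible to operators. The `before` block is complete within its hunk.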
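--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heroku-bouncer
 version: !ruby/object:Gem::Version
-version: 0.4.0.pre3
+version: 0.4.0
 platform: ruby
 authors:
 - Jonathan Dance
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-09 00:00:00.000000000 Z
+date: 2014-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-heroku
@@ -136,6 +136,20 @@ dependencies:
 - - '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: delorean
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: ID please.
 email:
 - jd@heroku.com
@@ -152,7 +166,6 @@ files:
 - lib/heroku/bouncer.rb
 - README.md
 - Gemfile
-- Gemfile.lock
 - Rakefile
 homepage: https://github.com/heroku/heroku-bouncer
 licenses:
@@ -169,9 +182,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - '>'
+- - '>='
 - !ruby/object:Gem::Version
-version: 1.3.1
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.0.14
@@ -180,5 +193,4 @@ specification_version: 4
 summary: Rapidly add Heroku OAuth to your Ruby app.
 test_files:
 - Gemfile
-- Gemfile.lock
 - Rakefile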
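--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,62 +0,0 @@
-PATH
-remote: .
-specs:
-heroku-bouncer (0.4.0.pre2)
-faraday (~> 0.8)
-omniauth-heroku (>= 0.1.0)
-rack (~> 1.0)
-sinatra (~> 1.0)
-
-GEM
-remote: https://rubygems.org/
-specs:
-faraday (0.8.8)
-multipart-post (~> 1.2.0)
-hashie (1.2.0)
-httpauth (0.2.0)
-jwt (0.1.8)
-multi_json (>= 1.5)
-metaclass (0.0.1)
-minitest (5.0.8)
-minitest-spec-context (0.0.3)
-mocha (0.14.0)
-metaclass (~> 0.0.1)
-multi_json (1.8.2)
-multipart-post (1.2.0)
-oauth2 (0.8.1)
-faraday (~> 0.8)
-httpauth (~> 0.1)
-jwt (~> 0.1.4)
-multi_json (~> 1.0)
-rack (~> 1.2)
-omniauth (1.1.4)
-hashie (>= 1.2, < 3)
-rack
-omniauth-heroku (0.1.1)
-omniauth (~> 1.0)
-omniauth-oauth2 (~> 1.0)
-omniauth-oauth2 (1.1.1)
-oauth2 (~> 0.8.0)
-omniauth (~> 1.0)
-rack (1.5.2)
-rack-protection (1.5.0)
-rack
-rack-test (0.6.2)
-rack (>= 1.0)
-rake (10.1.0)
-sinatra (1.4.4)
-rack (~> 1.4)
-rack-protection (~> 1.4)
-tilt (~> 1.3, >= 1.3.4)
-tilt (1.4.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-heroku-bouncer!
-minitest (~> 5.0)
-minitest-spec-context
-mocha
-rack-test
-rake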